PatchSiren cyber security CVE debrief
CVE-2026-47749 leejet CVE debrief
CVE-2026-47749 is a high-severity vulnerability in stable-diffusion.cpp, a C/C++ library for running diffusion model inference. The vulnerability is caused by a heap buffer overflow in the SHORT_BINUNICODE parsing for PyTorch checkpoint files. This issue was resolved in version master-584-0a7ae07. Affected applications loading untrusted .ckpt model files could be vulnerable to heap corruption, potentially leading to process crashes or code execution.
- Vendor
- leejet
- Product
- stable-diffusion.cpp
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Developers and users of applications that utilize stable-diffusion.cpp to load .ckpt model files from untrusted sources should be aware of this vulnerability. This includes any application that uses stable-diffusion.cpp for inference with models obtained from untrusted or third-party sources.
Technical summary
The pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the SHORT_BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption.
Defensive priority
High
Recommended defensive actions
- Update stable-diffusion.cpp to version master-584-0a7ae07 or later.
- Avoid loading .ckpt checkpoint files from untrusted sources.
- Consider using safer formats such as .safetensors where possible.
Evidence notes
The CVE-2026-47749 vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. The vulnerability was published on 2026-06-16T19:16:55.867Z and modified on 2026-06-16T20:44:11.730Z.
Official resources
CVE-2026-47749 was published on 2026-06-16T19:16:55.867Z and modified on 2026-06-16T20:44:11.730Z.